{
    "id": "bundle--8e14037f-4f9a-4d84-bff1-b543f112481f",
    "objects": [
        {
            "created": "2015-11-09T00:00:00.000Z",
            "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
            "description": "Changes to registry entries in \"HKLM\\Software\\Microsoft\\Windows NT\\Winlogon\\Notify\" that do not correlate with known software, patch cycles, etc are suspicious. New DLLs written to System32 which do not correlate with known good software or patching may be suspicious.",
            "id": "course-of-action--06e89ede-e243-47b4-9f02-1fd206dd5a5b",
            "modified": "2023-01-24T00:00:00.000Z",
            "name": "coa-579-0",
            "object_marking_refs": [
                "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
            ],
            "spec_version": "2.1",
            "type": "course-of-action",
            "x_capec_version": "3.9"
        }
    ],
    "type": "bundle"
}