[
    {
        "Id":  "T1012",
        "Name":  "Query Registry",
        "Type":  "Discovery",
        "Description":  "Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.",
        "URL":  "https://attack.mitre.org/techniques/T1012"
    },
    {
        "Id":  "T1053",
        "Name":  "Scheduled Task",
        "Type":  "Execution, Persistence, Privilege Escalation",
        "Description":  "Utilities such as at and schtasks, along with the Windows Task Scheduler, can be used to schedule programs or scripts to be executed at a date and time. A task can also be scheduled on a remote system, provided the proper authentication is met to use RPC and file and printer sharing is turned on. Scheduling a task on a remote system typically required being a member of the Administrators group on the the remote system.",
        "URL":  "https://attack.mitre.org/techniques/T1053"
    },
    {
        "Id":  "T1060",
        "Name":  "Registry Run Keys / Startup Folder",
        "Type":  "Persistence",
        "Description":  "Adding an entry to the \"run keys\" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account\u0027s associated permissions level.",
        "URL":  "https://attack.mitre.org/techniques/T1060"
    },
    {
        "Id":  "T1106",
        "Name":  "Execution through API",
        "Type":  "Execution",
        "Description":  "Adversary tools may directly use the Windows application programming interface (API) to execute binaries. Functions such as the Windows API CreateProcess will allow programs and scripts to start other processes with proper path and argument parameters.",
        "URL":  "https://attack.mitre.org/techniques/T1106"
    }
]